lrp encode channel rx works, get uid works

2025-08-22 06:13:51 -07:00 · 2021-08-19 17:06:35 +03:00 · 2021-08-19 17:06:35 +03:00 · 674568dfd9
commit 674568dfd9
parent e021870ed8
4 changed files with 14 additions and 7 deletions
--- a/client/src/cmdhfmfdes.c
+++ b/client/src/cmdhfmfdes.c
@ -2512,8 +2512,9 @@ static int CmdHF14ADesDeleteApp(const char *Cmd) {
 static int CmdHF14ADesGetUID(const char *Cmd) {
    CLIParserContext *ctx;
    CLIParserInit(&ctx, "hf mfdes getuid",
-                  "Get UID from card. Get the real UID if the random UID bit is on and get the same UID as in anticollision if not. Master key needs to be provided. ",
-                  "hf mfdes getuid -> execute with default factory setup");
+                  "Get UID from card. Get the real UID if the random UID bit is on and get the same UID as in anticollision if not. Any card's key needs to be provided. ",
+                  "hf mfdes getuid -> execute with default factory setup\n"
+                  "hf mfdes getuid --appisoid df01 -t aes -s lrp -> for desfire lights default settings");

    void *argtable[] = {
        arg_param_begin,
@ -2527,6 +2528,8 @@ static int CmdHF14ADesGetUID(const char *Cmd) {
        arg_str0("m",  "cmode",   "<plain/mac/encrypt>", "Communicaton mode: plain/mac/encrypt"),
        arg_str0("c",  "ccset",   "<native/niso/iso>", "Communicaton command set: native/niso/iso"),
        arg_str0("s",  "schann",  "<d40/ev1/ev2/lrp>", "Secure channel: d40/ev1/ev2/lrp"),
+        arg_str0(NULL, "aid",     "<app id hex>", "Application ID (3 hex bytes, big endian)"),
+        arg_str0(NULL, "appisoid", "<isoid hex>", "Application ISO ID (ISO DF ID) (2 hex bytes, big endian)."),
        arg_param_end
    };
    CLIExecWithReturn(ctx, Cmd, argtable, true);
@ -2536,7 +2539,9 @@ static int CmdHF14ADesGetUID(const char *Cmd) {

    DesfireContext dctx;
    int securechann = defaultSecureChannel;
-    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 0, 0, &securechann, DCMEncrypted, NULL, NULL);
+    uint32_t id = 0x000000;
+    DesfireISOSelectWay selectway = ISW6bAID;
+    int res = CmdDesGetSessionParameters(ctx, &dctx, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, &securechann, DCMEncrypted, &id, &selectway);
    if (res) {
        CLIParserFree(ctx);
        return res;
@ -2545,9 +2550,10 @@ static int CmdHF14ADesGetUID(const char *Cmd) {
    SetAPDULogging(APDULogging);
    CLIParserFree(ctx);

-    res = DesfireSelectAndAuthenticate(&dctx, securechann, 0x000000, verbose);
+    res = DesfireSelectAndAuthenticateAppW(&dctx, securechann, selectway, id, false, verbose);
    if (res != PM3_SUCCESS) {
        DropField();
+        PrintAndLogEx(FAILED, "Select or authentication %s 0x%06x " _RED_("failed") ". Result [%d] %s", DesfireSelectWayToStr(selectway), id, res, DesfireAuthErrorToStr(res));
        return res;
    }

--- a/client/src/mifare/desfirecrypto.c
+++ b/client/src/mifare/desfirecrypto.c
@ -263,7 +263,7 @@ void DesfireCryptoEncDecEx(DesfireContext *ctx, DesfireCryptoOpKeyType key_type,

    if (ctx->secureChannel == DACLRP) {
        size_t dstlen = 0;
-        LRPEncDec(key, iv, encode, srcdata, srcdatalen, data, &dstlen);
+        LRPEncDec(key, xiv, encode, srcdata, srcdatalen, data, &dstlen);
    } else {
        size_t offset = 0;
        while (offset < srcdatalen) {
--- a/client/src/mifare/desfiresecurechan.c
+++ b/client/src/mifare/desfiresecurechan.c
@ -145,6 +145,8 @@ static const AllowedChannelModesS AllowedChannelModes[] = {
    {MFDES_GET_FILE_IDS,              DACLRP,  DCCNative,    DCMMACed},
    {MFDES_GET_ISOFILE_IDS,           DACLRP,  DCCNative,    DCMMACed},
    {MFDES_GET_FILE_SETTINGS,         DACLRP,  DCCNative,    DCMMACed},
+
+    {MFDES_GET_UID,                   DACLRP,  DCCNative,    DCMEncrypted},
 };

 #define CMD_HEADER_LEN_ALL 0xffff
@ -653,7 +655,6 @@ static void DesfireSecureChannelDecodeLRP(DesfireContext *ctx, uint8_t *srcdata,
        }

        if (*dstdatalen >= desfire_get_key_block_length(ctx->keyType)) {
-            DesfireEV2FillIV(ctx, false, NULL); // fill response IV to ctx
            DesfireCryptoEncDec(ctx, DCOSessionKeyEnc, srcdata, *dstdatalen, dstdata, false);

            size_t puredatalen = FindISO9797M2PaddingDataLen(dstdata, *dstdatalen);
--- a/client/src/mifare/lrpcrypto.c
+++ b/client/src/mifare/lrpcrypto.c
@ -195,7 +195,7 @@ void LRPDecode(LRPContext *ctx, uint8_t *data, size_t datalen, uint8_t *resp, si
 void LRPEncDec(uint8_t *key, uint8_t *iv, bool encode, uint8_t *data, size_t datalen, uint8_t *resp, size_t *resplen) {
    LRPContext ctx = {0};

-    LRPSetKeyEx(&ctx, key, iv, 4 * 2, 0, true);
+    LRPSetKeyEx(&ctx, key, iv, 4 * 2, 1, true);
    if (encode)
        LRPEncode(&ctx, data, datalen, resp, resplen);
    else